marcv
n00b
Joined: 25 Feb 2006
Posts: 16
Location: Catalonia
|
 Posted: Thu Mar 08, 2012 10:35 pm Post subject: OpenSSL handsake fails with bindist disabled |
 |
|
I'm having some trouble connecting to imap.gmail.com:993 with openssl when the bindist flag is disabled. This is what I get:
| Code: |
$ openssl s_client -connect imap.gmail.com:993
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 211 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
|
However with the bindist flag enabled (so the EC and RC5 algorithms compiled out) what I get is:
| Code: |
$ openssl s_client -connect imap.gmail.com:993
CONNECTED(00000003)
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
[...]
* OK Gimap ready for requests
|
OpenSSL is openssl-1.0.0g, compiled with flags sse2 and zlib. I started noticing this problem around January 1st 2010 (+- 2 weeks). I can connect to other servers with OpenSSL. GnuTLS has no problem connecting to imap.gmail.com. Claws Mail (which I assume uses OpenSSL) also can't connect to imap.gmail.com.
I could not find any workaround for this issue; not even any reports, so I don't know if it's a bug, a misconfiguration on my side or lack of search skills. Could someone try to replicate this or provide some pointers?
_________________
blah. |
|
Networking & Security
